(CNET News.com) A new site called Please Rob Me has popped up to expose the potential pratfalls of the geolocation craze: If you're pushing a "check-in" from Gowalla, Brightkite, or Foursquare to a local restaurant out to your public Twitter stream, you're broadcasting that you aren't home. Which could be taken to mean that your home is ripe for burglary. Please Rob Me consists exclusively of an aggregation of public Twitter messages that have been pushed through fast-growing location-based networking site Foursquare, one of a handful of services that encourages people to share their whereabouts with their friends. You can filter by geographic location, too.
(New York Times) Policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. These statements are rarely read, are often confusing and can't hope to capture the complexity of modern data-handling practices. As a result, experts say, consumers typically have little meaningful choice about the online use of their personal information - whether their birth dates, addresses, credit card numbers or Web-browsing habits.
(Bloomberg) by Stephanie Bodoni. Google Inc.'s Street View may break European Union privacy laws, according to data-protection regulators who say the mapping service stores images for too long. The EU's privacy watchdog said in a letter to Google that "it is disproportionate to retain unblurred copies of the images for one year," and urged the company to cut the period to six months. Street View, which offers photos of roads and intersections, was introduced in early 2007 in the U.S. and is being rolled out across Europe.
(BBC) An Italian court has convicted three Google executives in a trial over a video showing an autistic teenager being bullied. The Google employees were accused of breaking Italian law by allowing the video to be posted online. Judge Oscar Magi absolved the three of defamation but convicted them of privacy violations. The UK's former Information Commissioner Richard Thomas said the case gave privacy laws a "bad name". The three employees, Peter Fleischer, David Drummond and George De Los Reyes, received suspended six-month sentences, while a fourth defendant, product manager Arvind Desikan, was acquitted. David Drummond, chief legal officer at Google and one of those convicted, said he was "outraged" by the decision. See Serious threat to the web in Italy (Google Public Policy Blog).
(NetFamilyNews) Because Buzz is brand-new and a hybrid of Gmail, micro-blogging, cellphone social mapping, and social networking, we're all at the early stages of figuring out its implications for kids - a lot of whom use Gmail. Charlene Li, a mom and well-known social-media-industry analyst, blogged that she had discovered her 9-year-old daughter was using and really enjoying Buzz. The child had had one conversation on it with her friends. The problem was that the kids didn't know their conversation was public.
(Michael Geist) Peter Hustinx, the European Data Protection Supervisor, has issued a 20-page opinion expressing concern about ACTA. The opinion focuses on three key issues: three strikes legislation, cross-border data sharing as part of enforcement initiatives, and transparency. Although the EDPS acknowledges the importance of enforcing intellectual property rights, he takes the view that a three strikes Internet disconnection policy constitutes a disproportionate measure. It can be questioned whether data transfers to third countries in the context of ACTA are legitimate. The principles of necessity and proportionality of the data transfers under ACTA would be more easily met if the agreement was expressly limited to fighting the most serious IPR infringement offences, instead of allowing for bulk data transfers relating to any suspicions of IPR infringements. The EDPS strongly encourages the European Commission to establish a public and transparent dialogue on ACTA, possibly by means of a public consultation.
(BBC) The European Parliament has blocked a key agreement that allows the United States to monitor Europeans' bank transactions - angering Washington. The US called the decision a "setback for EU-US counter-terror co-operation". The vote was a rebuff to intensive US lobbying for EU help in counter-terrorism investigations. EU governments had negotiated a nine-month deal which would have allowed the US to continue accessing the Swift money transfer system.
(BBC) Teaching unions are complaining that e-safety software is increasingly being used to keep track of their members. They say thousands of teachers are having their every mouse-click monitored, eroding trust. So-called spyware has increasingly been adopted by schools to tackle cyber-bullying and to stop pupils accessing unsuitable websites. Such software can record online activity by individuals, including web pages visited and messages sent. Leader of the NASUWT teachers' union Chris Keates says monitoring of teachers' computer use is common - and a symptom of "a growing culture of surveillance".
(ReadWriteWeb) by Sarah Perez. In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site. Those of you who edited your privacy settings prior to December's change have nothing to worry about - that is, assuming you elected to keep your personalized settings when prompted by Facebook's "transition tool." The tool, a dialog box explaining the changes, appeared at the top of Facebook homepages this past month with its own selection of recommended settings. Unfortunately, most Facebook users likely opted for the recommended settings without really understanding what they were agreeing to. If you did so, you may now be surprised to find that you inadvertently gave Facebook the right to publicize your private information including status updates, photos, and shared links.
(European Public Policy Blog) Ever wondered what data Google's search engine collects and why we retain search logs for certain periods of time? Here's a hint: it's not to personalise advertising as many people wrongly assume. Our first ever Brussels Tech Talk was about this and other questions on online privacy, given that it was Data Protection Day. Dr Alma Whitten, Google's engineering lead for privacy, addressed a full room of policy makers and other interested stakeholders. Alma demonstrated how we harness the power of data to "learn from the good guys, fight the bad guys, and invent the future." You can watch the video of the talk, and follow along with her presentation.
(RAPID) The European Commission has taken legal action against Italy for not respecting EU ePrivacy rules. According to EU law, subscribers who are included in a public subscriber directory must be informed about the objectives of the directory and consent to the use of their personal data contained therein for marketing purposes. As Italy failed to comply with this obligation, the Commission decided to send a letter of formal notice (the first step of an infringement proceeding).
(Press Release) The Privacy Commissioner of Canada announced an upcoming consultation with Canadians on privacy issues related to the online tracking, profiling and targeting of consumers by marketers and other businesses. This will be the first in a series of public consultations focused on emerging technological trends that are likely to have a significant impact on the privacy of Canadians. A second consultation on the privacy issues emerging from the growing movement toward cloud computing will be announced in the near future.
(RAPID) Keynote Speech at the Data Protection Day by Viviane Reding, Member of the European Commission responsible for Information Society and Media, 28 January 2010, European Parliament, Brussels. See also Press Release
(Google Public Policy blog) Known as Data Privacy Day in North America and Data Protection Day in Europe, 28 January is meant to increase public awareness about privacy in the information age. To mark this occasion, on the Official Google Blog we've unveiled our Privacy Principles, which guide the decisions we make as we create products and services that offer transparency and control.
(OUT-LAW News) Organisations responsible for major breaches of personal information security will face fines up to £500,000 from 6th April this year. The long-awaited penalties for serious data protection breaches have been approved by the Government. see Draft Order laid before Parliament The Data Protection (Monetary Penalties) Order 2010 and
statutory guidance from Information Commissioner's Office.
(BBC) Social networking websites have ensured that everyone who has an opinion can put it out in the public domain. The impact of all those online revelations has made France consider the length of time that personal information should remain available in the public arena. A proposed law in the country would give net users the option to have old data about themselves deleted. This right-to-forget would force online and mobile firms to dispose of e-mails and text messages after an agreed length of time or on the request of the individual concerned.
(O'Reilly) by Andy Oram. Social networking is the Internet phenomenon of the year and deserves an end-of-the-year profile. In a recent 19-month period, Facebook rose from 75 million to 300 million members, and Twitter has gone from perhaps 1.3 million users (depending on how you count them) to an estimated 18 million.
Before the end of the year, I'll post eight related entries that add up to a treatise titled "Being online: identity, anonymity, and all things in between:"
(TechCrunch Europe) Facebook's German clone StudiVZ follows the US social network's most successful move by adding support for third-party applications. The 15.7m users of StudiVZ and its siblings MeinVZ and SchülerVZ can now play games from Plinga or Wooga, sing online Karaoke with Mikestar or order Italian food from Pizza.de. CEO Markus Berger-de León has applied tight security policies to third-party apps to avoid the type of scams that TechCrunch recently dug up on Facebook and MySpace. German online privacy laws are among the strictest in the world, even Google Analytics is in danger of being banned in our country. To address this, VZ-Netzwerke works with so-called "business cards": For every app, users have to complete a form with the information they want to share. False names and incomplete data are also possible.
(Press Release) Yahoo! has released a beta version of a new consumer tool called Ad Interest Manager, which takes transparency in online advertising to a new level for building user trust. Ad Interest Manager http://privacy.yahoo.com/aim is a central place where Yahoo! visitors can see a concise summary of their online activity and make easy, constructive choices about their exposure to interest-based advertising served from the Yahoo! Ad Network.
(Facebook blog) Facebook's current privacy model revolves around "networks" - communities for your school, your company or your region. The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone. We're adding the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings.
(BBC) Staff at mobile phone company T-Mobile passed on millions of records from thousands of customers to third party brokers, the firm has confirmed. Details emerged after the firm alerted the information commissioner, who said his office was preparing a prosecution. Christopher Graham said brokers had sold the data to other phone firms, who then cold-called the customers as their contracts were due to expire.
(Le Point) Les données numériques sont impalpables : c'est à la fois leur force et leur faiblesse. En effet, leur effacement ne peut pas être contrôlé facilement, et le respect de la vie privée des internautes en souffre sans vraiment qu'ils s'en rendent compte. La secrétaire d'État à l'Économie numérique, Nathalie Kosciusko-Morizet, propose de garantir le "droit à l'oubli numérique". Elle souhaite la création de labels pour les sites Web, particulièrement pour les réseaux sociaux, afin de garantir l'effacement des données. voir aussi Nathalie Kosciusko-Morizet s´est rendue à Charm el Cheikh, dimanche 15 novembre 2009, pour représenter la France au Forum mondial sur la gouvernance de l´Internet. Elle a saisi cette occasion pour défendre la notion de droit à l´oubli numérique et pour proposer la mise en place d´un groupe de discussion international sur la prescription des données personnelles sur Internet." Discours de la Ministre
(Google European Public Policy blog) Today we have learned that Swiss Data Protection Authority intends to take Google to court over Street View in Switzerland. We are disappointed. Data Protection Commissioner Herr Thuer has taken this move despite our efforts to provide a comprehensive set of solutions to his concerns. We want to take this opportunity to outline the situation to date and to explain why we believe his legal action is unnecessary. Before the launch in Switzerland, we made sure we spoke to privacy regulators and other interested groups to give them an opportunity to ask questions and raise any concerns they might have. We always do this before a launch because we know that different countries may have different expectations. See also ArsTechnica FDPIC's complaint to the Federal Administrative Court (PDF, German-only).
(Guardian) With the new Google Dashboard, the personal data and product settings of different Google products are combined on one side to make it simpler for users to deal with them. The feature, which has just been launched, looks like a console for your personal data. Now you can do what Google can do too, as it links from one place to the data stored on different Google sites. And yes, it does make it easier to manage your personal data. Users can change their privacy settings, delete data on the dashboard, or read the privacy policies from various accounts instead of looking for them everywhere.
(AFP) Experts from 50 nations meeting in Madrid have reached a draft agreement on international standards for the protection of privacy and personal data. Under the proposed standards, data may only be processed after obtaining the "free, unambiguous and informed consent" of the data subjects and it should be deleted when it is no longer necessary for the purposes for which it was gathered. Data collectors must identify themselves, state in clear language the purpose of the data processing and the recipients of the gathered data. International transfers of personal data may only be carried out to a country which "affords, as a minimum, the level of protection provided for in the document," according to the proposed standards, agreed by representatives from privacy protection agencies.
(RAPID) The Commission has moved to the second phase of an infringement proceeding over the UK to provide its citizens with the full protection of EU rules on privacy and personal data protection when using electronic communications. European laws state that EU countries must ensure the confidentiality of people's electronic communications like email or internet browsing by prohibiting their unlawful interception and surveillance without the user's consent. As these rules have not been fully put in place in the national law of the UK, the Commission will send the UK a reasoned opinion. Specifically, the Commission has identified three gaps in the existing UK rules governing the confidentiality of electronic communications: 1) There is no independent national authority to supervise interception of communications 2) The current UK law - the Regulation of Investigatory Powers Act 2000 (RIPA) - authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has "reasonable grounds for believing" that consent to do so has been given. These UK law provisions do not comply with EU rules defining consent as freely given, specific and informed indication of a person's wishes 3) The RIPA provisions are limited to 'intentional' interception only, whereas the EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.
(Office of the Privacy Commissioner of Canada) This report was prepared for the Office of the Privacy Commissioner by Jennifer Barrigar, a consultant and researcher with experience in both privacy law and developments in internet technology. It was originally commissioned in late 2008, and a final report was delivered to the Office in February 2009. Some of the observations made in this report may appear outdated or even incorrect. This is certainly the case with Facebook, one social network that has undertaken successive rounds of privacy amendments in 2009. This is not the case with many of the other social networking sites identified by Ms. Barrigar.
(Register) Google, Microsoft and other special interests are subjecting the European Commission to the most intense lobbying campaign it has ever faced, over regulation of how data is used to target advertising online, according to officials in Brussels.
(BBC) Eurovision Song Contest organisers say they may ban countries from the competition if broadcasters disclose information about voters' identities. It comes after a number of people in Azerbaijan were questioned by police after voting for a song by neighbouring Armenia in this year's contest.
(ZDNet) The Conservative Party has promised to reduce government databases and introduce stronger measures to protect people's privacy, if it wins the next general election. The shadow justice secretary, Dominic Grieve, introduced a policy paper, Reversing the Rise of the Surveillance State, that outlines 11 measures to achieve these goals. Overall, the Conservatives are calling for fewer massive central government databases, stronger data-protection rules and fewer access rights - for both central and local government - to the information that is already been stored. The party also pledged to introduce a greater focus on privacy, in both the public and private sectors.
(AP) Parents who install a leading brand of software to monitor their kids' online activities may be unwittingly allowing the company to read their children's chat messages - and sell the marketing data gathered. Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids. Five other makers of parental-control software contacted by The Associated Press, including McAfee, Symantec and CyberPatrol said they do not sell chat data to advertisers.
(Guardian) A blogger stripped of her anonymity by the US courts has said she plans to sue Google for handing over her real identity. Rosemary Port, a 29-year-old fashion student from New York, has said she will file a $15m (£9m) lawsuit against the internet giant after it complied with an order from a US court to reveal that she was behind the vitriolic "Skanks in NYC" blog. The case erupted last week after the Manhattan Supreme Court ruled that Google must hand over the identity of the writer, who had targeted 36-year-old model Liskula Cohen online and called her a "psychotic, lying, whoring... skank". Cohen had filed a lawsuit demanding that the writer's identity be revealed, an argument that judge Joan Madden agreed with.
(Heise) Das Social Network StudiVZ hat ein Manifest vorgestellt, mit dem er die Hoheit der Nutzer über ihre persönlichen Daten stärker betont und gleiche Spielregeln für alle hierzulande aktiven Online-Communities fordert. Siehe auch Pressemitteilung.
(01net) Ce qui est bien avec Internet, pour un journal, c'est que le problème de la place ne se pose pas. Quand on a beaucoup d'informations, on peut tout mettre en ligne sans avoir à faire un tri. C'est ce qu'a dû se dire L'Est républicain, qui a publié une série d'articles sur les démêlés juridico-financiers d'un député de l'Essonne. Mais le journal a été rappelé à l'ordre par la justice. Il a été condamné à 1 euro de dommages et intérêts et à 3 000 euros de remboursement de frais de procédure pour atteinte à la vie privée, comme le révèle le site Legalis.net.
(BBC) Home Secretary Alan Johnson has dropped plans to make ID cards compulsory for pilots and airside workers at Manchester and London City airports. The cards were due to be trialled there - sparking trade union anger. Shadow Home Secretary Chris Grayling said that the reverse in policy was "an absurd fudge" and "symbolic of a government in chaos". But Mr Johnson said the ID card scheme was still very much alive - despite Tory and Lib Dem calls to scrap it. He said the national roll-out of a voluntary scheme was being speeded-up - with London to get them a year early in 2010 and over-75s to get free cards.
(TechCrunch) Looking over the top 10 paid iPhone apps list, I noticed one called Offender Locator. It's an app to show you registered sex offenders living around you. While all 50 states require that sexual offenders register themselves, and allow anyone to access the information online, most people never look at it. The app allows you to see a list of offenders based on your current location (using the iPhone's location services), any contact's address, or it allows you to manually enter an address. The app then scours the database and lists the sexual offenders based on their proximity to the location you gave. You can click on any of these names to get a picture of the person, their information like date of birth, height, weight, and a picture. And you can also see the specific sexual crime they were charged with.
(Heise) Schüler dürfen ihre Lehrer weiterhin im Internet benoten. Das Persönlichkeitsrecht eines Lehrers werde dadurch nicht verletzt, entschied der Bundesgerichtshof (BGH) in Karlsruhe (Az. VI ZR 196/08). Das Gericht prüfte die Klage einer Lehrerin aus dem nordrhein-westfälischen Moers, die von Schülern im Internetportal spickmich.de bewertet worden war. Die Pädagogin, die im Unterrichtsfach Deutsch die Note 4,3 erhalten hat, sah ihr Persönlichkeitsrecht verletzt. Siehe auch: Spickmich.de: Pädagogin zieht vors Bundesverfassungsgericht.
(Guardian) A quarter of all the largest public-sector database projects, including the ID cards register, are fundamentally flawed and clearly breach European data protection and rights laws, according to a report, Database State by the Joseph Rowntree Reform Trust. The report says that 11 of the 46 biggest schemes, including the national DNA database and the Contactpoint index of all children in England, should be given a "red light" and immediately scrapped or redesigned. Only six of the 46 systems, including those for fingerprinting, get a "green light" for being effective, proportionate, necessary and established - with a legal basis to guarantee against privacy intrusions. But even some of these databases have operational problems. A further 29 databases earn an "amber light", meaning they have significant problems including being possibly illegal, and needing to be shrunk or split, or be amended to allow individuals the right to opt out. This group includes the NHS summary care record, the national childhood obesity database, the national pupil database, and the automatic number-plate recognition system. The study is by members of the Foundation for Information Policy Research, including Ross Anderson, a Cambridge University professor. It says Britain is now the most invasive surveillance state and the worst at protecting privacy of any western democracy.
(BBC) Several high-profile authors are to stop visiting schools in protest at new laws requiring them to be vetted to work with youngsters. Philip Pullman, author of fantasy trilogy His Dark Materials, said the idea was "ludicrous and insulting". Former children's laureates Anne Fine, Michael Morpugo and illustrator Quentin Blake have hit out at the scheme which costs £64 per person. The Home Office says the change from October will help protect children. Anyone who has "more than a tiny amount" of contact with children or vulnerable adults will have to sign up to the Vetting and Barring Scheme before November 2010. But the authors, including fantasy writer Mr Pullman, say they have worked in schools for years without ever being left alone with children.
(Press Release) In order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care, the Privacy Commissioner of Canada said in announcing the results of an investigation into the popular social networking site's privacy policies and practices. See Michael Geist's summary.
(Tech and Law blog) The EU are conducting a wide-ranging consultation to seek views on the new challenges for personal data protection in order to maintain an effective and comprehensive legal framework to protect individual's personal data within the EU. Any views may be submitted by email, whether by citizen or organisation or public authority, on: What are the new challenges for personal data protection, in particular in the light of new technologies and globalisation? Does the current legal framework meets these challenges? What future action would be needed to address the identified challenges? The consultation web page has links to useful background papers, including papers and slides from a data protection conference "Personal data ? more use, more protection" held by the Commission in May 2009. For that conference there are slides on identity management as well as data protection, freedom of information, transparency, security and law ? all of which are relevant here. Deadline for submission of contributiosn: 31 December 2009.
(Judiciary of England and Wales) The Hon Sir Jack Beatson FBA, a Justice of the High Court of England and Wales. Valedictory address as President of the British Academy of Forensic Science 2007-2009. Inner Temple 16 June 2009; See also Police retention of DNA etc - forensic science & human rights (Tech and Law blog).
(OUT-LAW News) A controversial blogging detective has failed in his attempt to protect his anonymity and The Times newspaper has named him. The High Court said it was not its job to protect blogging police officers from disciplinary action over broken police rules. The author of the NightJack police blog, which has revealed details of cases and engaged in criticism of ministers potentially in breach of police rules, claimed that The Times should be stopped from naming him. He said that the newspaper owed a duty to keep the information confidential, and that he had a right to privacy. See
The Author of A Blog v Times Newspapers Ltd  EWHC 1358 (QB) (16 June 2009). See also Anonymous blogging in UK: NightJack / Times - other worrying issues (A Consuming Experience) by Improbulus.
(New York Times) Andrew Cuomo, New York's attorney general, intends to sue the social network Tagged.com "for deceptive e-mail marketing practices and invasion of privacy". Tagged, Mr. Cuomo alleges, illegally tried to lure new members by tricking visitors into providing their personal address books, which the company used to send out more invitations. Tagged disguised these e-mails to make it seem like a friend was inviting them to view personal photos
(Center for Democracy and Technology) CDT has released a Policy Post outlining issues related to the newly emerging location-enabled web. Location data should be under the control of the user; who collects it, what it gets used for, whether or not it gets shared and how long the data is stored are all decisions that should be in the hands of users, the Policy Post says. Location-enabled technologies should be designed with privacy in mind from the beginning, says the Policy Post. In addition, it says that ensuring that location information is transmitted and accessed in a privacy-protective way is essential to the future success of location-based applications and services.
(BBC) Personal details about the life of the next head of MI6, Sir John Sawers, have been removed from social networking site Facebook amid security concerns.
The Mail on Sunday said his wife had put details about their children and the location of their flat on the site.
(IDG News Service) Online consumers should get more information about what information is being tracked and collected for the purposes of behavioral advertising, and they should have more control over what data is being collected, according to new privacy principles released by four advertising trade groups. Online advertising networks should also "maintain appropriate physical, electronic, and administrative safeguards" to protect data collected, and they should retain the data "only as long as necessary to fulfill a legitimate business need, or as required by law," the principles said. see also Self-regulatory principles for behavioral advertising (Google Polciy Blog) by Pablo Chavez. Of course, for any self-regulatory effort to be effective, there has to be some kind of enforcement process. See also Four Privacy Protections the Online Ad Industry Left Out and An Icon That Says They?re Watching You (New York Times).
(EDRI-gram) A new communication from the European Commission to the other European bodies on the RFID (radio-frequency identification) titled "Internet of Things - An action plan for Europe" was made public on 18 June 2009. The communication builds on the work of the Recommendation on the use of RFID. The communication includes a 14-point action plan to address the main issues raised from the RFID usage. One of the most important action point is the launch of "a debate on the technical and legal aspects of the 'right to silence of the chips', which has been referred to under different names by different authors and expresses the idea that individuals should be able to disconnect from their networked environment at any time." The European Commission also announced that in 2010 it intends to publish a broader Communication on privacy and trust in the ubiquitous information society.
(CNET.com) Revamped privacy settings are coming soon to Facebook. The social network's privacy controls had gotten so sprawling that they were distributed across six separate pages and 40 different settings. As a result, Facebook's new controls will be more streamlined so as to offer easier and simpler controls about how much everything from entire profiles to individual pieces of content are shared. Users will be introduced to this through "transition tools" that allow them to toggle how open everything on their profile will be - totally public, friends-only, restricted to company or school networks, etc.
(OUT-LAW News) Social networking sites are legally responsible for their users' privacy, Europe's privacy watchdogs have confirmed. The committee of data protection regulators has said that the sites are 'data controllers', with all the legal obligations that brings. Users of the sites are also data controllers with legal obligations when they are posting on behalf of a club, society or company, the opinion said. The committee of Europe's data protection regulators, the Article 29 Working Party, has published its opinion on the legal status of social networking operators such as Facebook and MySpace. It has said that the sites cannot escape their legal obligations just because content on them is often produced and posted by users.See Opinion 5/2009 on online social networking. See also Article 29 Working Party on online social networking(EDRI-gram).
(SafeKids.com) Glympse joins Loopt and Google Latitude as the newest location-based service that uses cell phones? GPS capability to tell people where you are. Glympse requires almost no effort on the part of the person who is following you. All they have to do is click on a Web link on a computer or a Web- enabled phone to see where you are on a map. To transmit your location, you need to download an application to your phone and use the application to send a "Glympse," which authorizes that person to follow you for a specific amount of time and send them the link they need to see you on a map.
(BBC) A controversial database which holds the details of every child in England has become available to childcare professionals for the first time. ContactPoint, a response to Lord Laming's report following the death of Victoria Climbie, is beginning its national roll-out in the north west. But the system, costing £224m, has been delayed twice amid data security fears. The government says it will enable more co-ordinated services for children and ensure none slips through the net. It will hold the details of 11 million children and young people aged up to 18 years. 390,000 people will have access to the database, but will have gone through stringent security training
(RAPID) There are already over 6 billion smart chips, microelectronic devices that can be integrated into a variety of everyday objects from fridges to bus passes. With Radio Frequency Identification (RFID) technology, they can process data automatically when brought close to 'readers' that activate them, pick up their radio signal and exchange data with them. The European Commission adopted a set of recommendations to make sure that everyone involved in the design or operation of technology using smart chips respects the individual's fundamental right to privacy and data protection. see Commission Recommendation of 12.5.2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification C(2009) 3200 final. see also RFID: Radio Frequency IDentification: Frequently Asked Questions and Citizen's summary.
(BBC) The Home Office has been accused of colluding with online ad firm Phorm on "informal guidance" to the public on whether the company's service is legal. E-mails between the ministry and Phorm show the department asking if the firm would be "comforted" by its position.
(Europa) 19-20 May 2009. European Commission, Charlemagne building, Brussels. The European Commission organises a personal data use and protection conference to look at new challenges for privacy. How should personal data be protected in a globalised world with increased mobility and in the wake of modern communication and information technologies and new policies? Which data is accessed and exchanged by public authorities and private companies? How well are current rules on international transfers of personal data working in a time of cloud computing? What are the expectations of individuals and business and society as a whole?
(BBC) Amazon has said it will not allow online advertising system Phorm to scan its web pages to produce targeted ads. Phorm builds a profile of users by scanning for keywords on websites visited and then assigns relevant ads. It has proved controversial because it scans almost all sites a user visits and there is an ongoing political debate about how a user gives consent.
(OUT-LAW News) UK laws protecting the privacy of people's communications are inadequate, the European Commission has said. The Commission has launched a legal case against the UK over its implementation of European Union Directives. The Commission's investigation was sparked by outrage over trials by BT of Phorm, a system which monitors web use and tries to match advertising to people's perceived interests. The trials were done without BT customers' knowledge or permission. See Commission press release (RAPID).
(Europa) In a video posted on her website this morning, Viviane Reding, the European Union's Commissioner for Information Society and Media, said that Europeans must have the right to control how their personal information is used, and said that the Commission would take action wherever EU Member States failed to ensure that new technologies such as behavioural advertising, RFID 'smart chips' or online social networking respected this right. see Full text of this press release and Commissioner Reding's video message.
(RAPID) Keynote Speech by Meglena Kuneva, European Consumer Commissioner, Brussels, 31 March 2009. See also Behavioural Targeting At The European Consumer Summit (EDRI-gram). The European Commission Directorate - General for Health & Consumers organized the European Consumer Summit on "Consumer Trust in the Digital Market Place" held in Brussels on 1 and 2 April, 2009. The agenda featured policy workshops on 'Consumer challenges and opportunities in the digital world' and 'Consumer advocacy'. In a preceding 'Roundtable on Online Data Collection, Targeting and Profiling' hosted by the Directorate-General for Health & Consumers on 31 March experts and stakeholders' input had been generated in order to feed back into the main event. In her key note speech Commissioner Meglena Kuvena observed that "personal data is the new oil of the Internet and the currency of the digital world" - a reality to be accepted in exchange for free content online. However, well established consumer protection principles, including the applicable data protection regulations, are not fully complied with in the "World Wide Web (...) turning out to be the world 'wild west'."
(Digital Natives) by Sarah Zhang. Last month's outcry over the change and then quick reversal in Facebook?s Terms of Service proved that users will demand an active role in control over their own information. It brought to the forefront the issue of our digital dossiers. My digital dossier compromises of much more than a Facebook profile of course ? in fact it's a little alarming how much information is thrown in there ? and it is often difficult to know exactly what is in my digital dossier and how much (or how little) control I wield in creating it. PC Magazine recently published an excellent and comprehensive article on how to delete accounts on 23 popular web services, ranging from Google to eBay to Friendster.
Welcome to Cybertip.ca's Respect Yourself website. Many safety campaigns geared at teens focus on the stereotypical sex offenders - creepy strangers preying on innocent, confused youth. This site has been created to remind users that there are other, more common concerns when it comes to your safety and the Internet. One of the most overlooked issues with the Internet has to do with sending pictures/video of yourself by email or instant messaging (IM), or posting them to a social networking or photo sharing site. Once these pictures/video are sent, there's no way for you to regain full control. Voir aussi: Respecte-toi.
(Guardian) The government and the courts are collaborating in slicing away freedoms and pushing Britain to the brink of becoming a "database" police state, a series of sold-out conferences in eight British cities heard. In a day of speeches and discussions, academics, politicians, lawyers, writers, journalists and pop stars joined civil liberty campaigners yesterday to issue a call to arms for Britons to defend their democratic rights. More than 1,500 people, paying £35 a ticket, attended the Convention on Modern Liberty in Bloomsbury, central London, which was linked by video to parallel events in Glasgow, Birmingham, Belfast, Bristol, Manchester, Cardiff and Cambridge.
(Schneier on Security) Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data.
(Reuters) by Eric Auchard. Social networking phenomenon Facebook has beaten arch-rival and former market leader MySpace by most measures of popularity, except the one that pays the bills. While Facebook has outpaced MySpace in bringing in members - it has 175 million active users at the latest count, compared with around 130 million for MySpace - it has struggled make money from them. While MySpace is closing in on $1 billion in revenues, Facebook generated less than $300 million in sales last year. Indeed, Facebook's efforts to drum up revenue have led to it repeatedly becoming the target of some of the biggest online privacy protests on the Web. Its most recent fight earlier this month followed Facebook's attempt to redefine its own rules and assert ownership over anything its members posted on the site. The company has since backed off and is rethinking its policies. See also A false sense of security (BBC).
(New York Times) by Saul Hansell . Over the last few days, a lot of Facebook users were left wondering whether the company had ambitions to turn their goofy photos into a coffee table book and adapt their wall postings into a Broadway play.
As best as I can tell, Facebook has no such plans. But that's hard to tell when you read that its user agreement allows it to "use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers)," all the words, pictures and everything else created by its users. When you sort through it, the fierce reaction from Facebook's users may indicate a new and useful sensitivity to legal fine print. See also Whose data is it anyway? (BBC) and Facebook: You Own All Your Data. Period. (But See You at the Next Privacy Uproar) (TechCrunch).
(BBC) The founder of Facebook says the social network will return to its previous terms of service regarding user data. In a blog post Mark Zuckerberg said the move was temporary "while we resolve the issues that people have raised". Users had complained after new terms of service seemed to suggest Facebook would retain personal data even if someone deleted their account. Originally defending the changes, Mr Zuckerberg had said it was to better reflect how people used the site. He had said the changes were made to ensure that if a user deleted his or her account any comments or messages he or she had left on a friend's Facebook page would not also disappear. see also Facebook still showing growing pains by Darren Waters and Facebook?s privacy storm by Jonathan Zittrain.
(ZDNet.co.uk) The European Commission has threatened to take formal action against the UK government, which it says has not provided information it needs in its probe into Phorm's behavioural targeted ad-serving technology. The Commission has sent three letters requesting information from the government, but has not received sufficient answers.
(EDRI-gram) The EU funded European Network and Information Security Agency (ENISA) has issued its Position Paper on security features in European eID schemes, showing a large disparity between the various systems which might affect their usefulness. The paper is an analysis of 10 ID card systems already used in EU and 13 under development. The eID cards are presently used mainly in relation to tax declarations and other e-Gov services with some applications in the commercial sector as well, but their application will largely extend in the future. The study shows that Europe has no coordinated strategy to protect the private data stored on the cards which leads to their lack of interoperability and to reluctance in accepting them by potential users.
(EDRI-gram) The Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters was adopted by the Council and published in the Official Journal on 30 December 2008. The decision is the first horizontal data protection instrument in the field of personal data used by police and judicial authorities and its main purpose is to establish a common level of privacy protection and a high level of security when exchanging personal data. Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.
(Press Release) Federal Trade Commission staff have issued a report describing its ongoing examination of online behavioral advertising and setting forth revisions to proposed principles to govern self-regulatory efforts in this area. The key issue concerns how online advertisers can best protect consumers' privacy while collecting information about their online activities. See also Targeted Online Advertising: What's the Harm & Where Are We Heading? (Technology Liberation Front) and Privacy groups slam new rules (BBC).
(BBC) Google has announced a new feature that allows users to share their locations among a chosen network of friends. The "opt-in" Latitude service uses data from mobile phone masts, GPS, or wi-fi hardware to update a user's location automatically. Users can also manually set their advertised location anywhere they like, or turn the broadcast off altogether. The service has raised a number of security concerns, as many users may not be aware that it is enabled.
(BBC) Firms are being encouraged to back a pledge to safeguard the data they hold about citizens and customers. Drafted by the Information Commissioner, the Personal Information Promise tries to improve respect for the data companies have gathered. Firms and organisations who use data that people surrender do not always take enough care with it, said Richard Thomas, Information Commissioner. 2008 saw a series of data breaches and losses that left the personal details of millions of people at risk from ID thieves. By signing up to the promise firms say they will go beyond the strictures laid down by law which govern what they can do with the personal data they hold on their customers or clients. Those backing the promise will be exhorted to consider privacy risks when they start work on new information systems that draw on databases of personal data. They must also put in place safeguards to ensure data is securely stored and does not fall into the hands of ID thieves. On the day the promise was launched 20 organisations pledged to back it. Those signing up included BT, Vodafone, Royal Mail, British Gas, Experian, Equifax, AstraZeneca and T-Mobile. see Personal Information Promise and Press Release.
(RAPID) Data protection laws are in place throughout the European Union to ensure that personal data is handled under very clear conditions and to give EU citizens the right to challenge any mishandling of their data. But without awareness, effective protection is impossible. Legal rights and protection regimes are only effective if people know that they exist and know how to use them. Data Protection Day is an excellent opportunity to raise such awareness in Europe and worldwide.
(BBC) A child protection database containing the contact details for all under 18-year-olds in England will be accessible to 390,000 staff, say ministers.
The ContactPoint database is intended to improve information sharing between professionals working with children. Children's Minister Baroness Morgan said parents would not be allowed to remove their children from the list. The government is also planning to set up another major child protection register for adults who work with young people. The Independent Safeguarding Authority plans to have a register of more than 11 million adults - representing about one in four of the adult population of England.
(Washington Post) The Future of Privacy Forum, a Washington group supported by AT&T, is pushing Barack Obama to appoint a chief privacy officer to shape standards about the use of consumer data. See Press Release and The Future of Privacy Forum Consumer Privacy Agenda for the New Administration. Separately, the Center for Digital Democracy and the U.S. Public Interest Research Group said they plan to file a complaint with the Federal Trade Commission, urging the agency to investigate mobile marketing practices that may threaten consumer privacy.
(Berkman Center ) by Hal Roberts. Three of the circumvention tools - DynaWeb FreeGate, GPass, and FirePhoenix - used most widely to get around China's Great Firewall are tracking and selling the individual web browsing histories of their users. Data about aggregate usage of users of the tools is published freely. Aggregate data like this is a terrific resource for those of us interested in researching circumvention tool usage, and not much of a privacy risk for the circumventing users. But the ranking site also advertises a pay service through which you can get not only much more data, but data about individual users.
(AP) Yahoo will shorten the amount of time that it retains data about its users' online behavior ? including Internet search records ? to three months from 13 months and expand the range of data that it "anonymizes" after that period. Yahoo's announcement ratchets up the pressure on rivals Google and Microsoft to follow its lead. In September, Google said it would "anonymize," or mask, the numeric Internet Protocol (IP) addresses on its server logs after nine months, down from a previous retention period of 18 months. And Microsoft, which currently keeps user data for 18 months, said it would support an industry standard of six months.
(BBC) Privacy experts have banded together to influence policy in the new Obama administration and set best practices for the industry. The newly formed Future of Privacy Forum aims to present a privacy agenda to the Obama team in late November. It also plans to talk to internet users about their concerns.
(New York Times) Law enforcement officials want popular sites, like the social network MySpace, to confirm the identities and ages of minors and then allow the young Web surfers to talk only with other children, or with adults approved by parents. But performing so-called age verification for children is fraught with challenges. Nevertheless, over the last year, at least two dozen companies have sprung up with systems they claim will solve the problem. Surprisingly, their work is proving controversial and even downright unpopular among the very people who spend their days worrying about the well-being of children on the Web.
(OUT-LAW News) Social networking sites are not permitted to store information about people's use of the sites beyond the duration of a particular session in Germany, according to a panel of all that country's data protection officials. Companies behind social networks such as MySpace and Facebook must also tell users what happens to any data that is collected and tell them how they can influence the use of that data. The principles were laid down by the Düsseldorfer Kreis, a panel of all the German data protection authorities. They laid down eight principles of operation for social networking sites to keep them in line with data protection law. Datenschutzkonforme Gestaltung sozialer Netzwerke (PDF).
(AFP) Social networking websites were urged to warn users about the low level of protection given to their profiles at a Council of Europe-organised conference on the issue. The European Union Data Protection Authority (Cnil) said websites like Facebook should inform users that their profiles currently receive only "weak" protection. It added that website users, especially minors, should be told about the risks they face by going online and given clear instructions on how to change their data protection settings. The request came at the end of a two-day conference in the French city of Strasbourg during which 70 countries also stressed the need for a universal standard on privacy and personal data protection. see draft Resolution on Children's Online Privacy October 2008. Proposer: Privacy Commissioner of Canada. Co-sponsors: Privacy Commissioner, New Zealand, La Commission Nationale de l?Informatique et des Libertés (France), Data Protection Commissioner, Ireland, Berlin Data Protection and Freedom of Information Commissioner, Information Commissioner, United Kingdom.
(Sunday Times) Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. Phone buyers would have to present a passport or other official form of identification at the point of purchase. The move is targeted at monitoring the owners of Britain?s estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details.
(Times) The Ministry of Defence faces an investigation by the Information Commissioner after the disappearance of a computer hard drive containing details of Armed Forces personnel and thousands of potential recruits. Richard Thomas, the commissioner, will decide what steps to take after the MoD has completed its own inquiry. The removable hard drive was supposed to have been stored in a secure room with only limited access to personnel with special pass codes. Officials at EDS, the world's second-biggest computer company, said it was possible that the hard drive had been taken home by an employee or moved to another part of the company's office in Hook, Hampshire. Details relating to the 100,000 serving members of the Armed Forces include bank and driving licence information, next-of- kin addresses and dates of birth.
(vnunet.com) The Royal Air Force has suffered a data loss that has reportedly put tens of thousands of personal records at risk. The Ministry of Defence (MoD) said that it is investigating the breach, which is believed to stem from the loss of three portable hard drives from an RAF base at Innsworth in Gloucestershire. The MoD said that two of the three drives contained RAF personnel records, while the third did not hold any sensitive information. The drives are reportedly carrying details on some 50,000 people.
(The Register) The European Commission has again written to the government for an explanation of UK authorities' response to BT's allegedly illegal secret trials of Phorm's ISP adware system. Brussels still wants answers after a September missive from Whitehall failed to address legal issues surrounding past deployments of the technology, and didn't provide details about how future rollouts will be regulated.
(Guardian) MPs demanded a "cultural change" in public sector data handling after it emerged that a computer hard drive with the private details of 100,000 armed forces personnel had gone missing. The hard drive was being held by EDS, the Ministry of Defence's main IT contractor. It contains the names, addresses, passport numbers, dates of birth and driving licence details of those serving in the army, navy and RAF. It also includes next-of-kin details, as well as information on 600,000 potential services applicants and the names of referees. Officials said it may also include some bank account details.
(IDG) Three of the four largest ISPs (Internet service providers) in the U.S. will adopt policies that require them to get meaningful permission from customers before tracking online activities. Representatives of AT&T, Time Warner Cable and Verizon told a U.S. Senate committee that they currently do not engage in behavioral advertising that uses subscribers' Web activities to deliver contextual ads. If the ISPs decide to start behavioral advertising programs, they will give customers a detailed description of the ad program and ask for permission before tracking online activities, the companies said. However, the ISPs also suggested that legislation is not now needed to protect customer privacy online.
(BBC) The government has outlined how a controversial online ad system can be rolled out in the UK. In response to EU questions about its legality, it said that it was happy Phorm conformed to EU data laws. But any future deployments of the system must be done with consent and make it easy for people to opt out. The European Union had demanded clarification about the system which tracks web habits in order to provide better targeted ads.
(OUT-LAW News) The Article 29 Working Party, an independent EU advisory body on data protection and privacy, will lead hearings with Google over the search giant's claim that EU data protection laws do not apply to it. It said that Google is refusing to submit to Europe's data protection regime and that "strong disagreements" remain. It said in a statement that Google "considers that the European law on data protection is not applicable to itself, even though Google has servers and establishments in Europe". It also said that Google "wishes to retain personal data of users beyond the six months period requested by the Article 29 Working Party, without any justification."
A court in Montana has ruled that a newspaper does not have to reveal the identity of those who posted comments on its website. A state law that protects journalists from revealing their sources also protects a news site's user comments, the court ruled.
(Center For Democracy and Technology)
Online Behavioral Advertising:
1) Using ISP Data for Behavioral Advertising Raises Critical Privacy and Internet Functionality Concerns
2) Existing Implementations of ISP-Based Behavioral Advertising May Violate Federal Law
3) House Investigation Reveals Problematic Behavioral Advertising Practices